Skip to content

Commit dc42e65

Browse files
HalfwalkerHalfwalker
committed
SecureBoot - omit signing things if they don't exist
1 parent 01a8789 commit dc42e65

File tree

1 file changed

+16
-6
lines changed

1 file changed

+16
-6
lines changed

ZFS-root.sh

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -2653,16 +2653,26 @@ cat >> ${ZFSBUILD}/root/Setup.sh << '__EOF__'
26532653
type: file
26542654
- path: /boot/efi/EFI/refind/refind_x64.efi
26552655
output: /boot/efi/EFI/refind/refind_x64.efi
2656-
- path: /boot/efi/EFI/tools/memtest86/memtest86.efi
2657-
output: "/boot/efi/EFI/tools/memtest86/memtest86.efi
2658-
- path: /boot/efi/EFI/tools/shellx64.efi
2659-
output: "/boot/efi/EFI/tools/shellx64.efi
26602656
- path: /boot/efi/EFI/zfsbootmenu/vmlinuz-bootmenu
26612657
output: "/boot/efi/EFI/zfsbootmenu/vmlinuz-bootmenu
26622658
- path: /boot/efi/EFI/zfsbootmenu/zfsbootmenu.efi
26632659
output: "/boot/efi/EFI/zfsbootmenu/zfsbootmenu.efi
26642660
EOF
26652661
2662+
# Only add shellx64.efi and memtest86.efi if they exist
2663+
if [ -e /boot/efi/EFI/tools/shellx64.efi ] ; then
2664+
cat >> /etc/sbctl <<- EOF
2665+
- path: /boot/efi/EFI/tools/shellx64.efi
2666+
output: "/boot/efi/EFI/tools/shellx64.efi
2667+
EOF
2668+
fi
2669+
if [ -e /boot/efi/EFI/tools/memtest86/memtest86.efi ] ; then
2670+
cat >> /etc/sbctl <<- EOF
2671+
- path: /boot/efi/EFI/tools/memtest86/memtest86.efi
2672+
output: "/boot/efi/EFI/tools/memtest86/memtest86.efi
2673+
EOF
2674+
fi
2675+
26662676
apt-get -qq update
26672677
apt-get -qq --yes --no-install-recommends install systemd-boot-efi
26682678
apt-get -qq --yes --no-install-recommends install sbctl systemd-ukify
@@ -2685,8 +2695,8 @@ cat >> ${ZFSBUILD}/root/Setup.sh << '__EOF__'
26852695
/usr/sbin/sbctl create-keys
26862696
/usr/sbin/sbctl enroll-keys --microsoft
26872697
/usr/sbin/sbctl sign -s /boot/efi/EFI/refind/refind_x64.efi
2688-
/usr/sbin/sbctl sign -s /boot/efi/EFI/tools/memtest86/memtest86.efi
2689-
/usr/sbin/sbctl sign -s /boot/efi/EFI/tools/shellx64.efi
2698+
[ -e /boot/efi/EFI/tools/memtest86/memtest86.efi ] && /usr/sbin/sbctl sign -s /boot/efi/EFI/tools/memtest86/memtest86.efi
2699+
[ -e /boot/efi/EFI/tools/shellx64.efi ] && /usr/sbin/sbctl sign -s /boot/efi/EFI/tools/shellx64.efi
26902700
/usr/sbin/sbctl sign -s /boot/efi/EFI/zfsbootmenu/zfsbootmenu.efi
26912701
if [ "${ZFSBOOTMENU_BINARY_TYPE}" != "EFI" ] ; then
26922702
/usr/sbin/sbctl sign -s /boot/efi/EFI/zfsbootmenu/vmlinuz-bootmenu

0 commit comments

Comments
 (0)